| 306051 | 6.1 | MEDIUM Network | pixelpost | pixelpost | pixelpost 1.7.1 has XSS | CWE-79 Cross-site Scripting | CVE-2009-4900 | 2024-11-21 10:10 | 2019-10-29 |
| 306052 | 9.8 | CRITICAL Network | pixelpost | pixelpost | pixelpost 1.7.1 has SQL injection | CWE-89 SQL Injection | CVE-2009-4899 | 2024-11-21 10:10 | 2019-10-29 |
| 306053 | - | | justsystems | just_smile atok atok_flat-rate_service | Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the sc… | NVD-CWE-noinfo | CVE-2009-4738 | 2024-11-21 10:10 | 2013-01-19 |
| 306054 | - | | mozilla | firefox | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted… | CWE-79 Cross-site Scripting | CVE-2009-5017 | 2024-11-21 10:10 | 2010-11-13 |
| 306055 | - | | php | php | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanism… | CWE-189 Numeric Errors | CVE-2009-5016 | 2024-11-21 10:10 | 2010-11-13 |
| 306056 | - | | turbogears | turbogears2 | The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | NVD-CWE-noinfo | CVE-2009-5015 | 2024-11-21 10:10 | 2010-11-6 |
| 306057 | - | | turbogears | turbogears2 | The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authoriz… | CWE-310 Cryptographic Issues | CVE-2009-5014 | 2024-11-21 10:10 | 2010-11-6 |
| 306058 | - | | g.rodola | pyftpdlib | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during… | CWE-399 Resource Management Errors | CVE-2009-5013 | 2024-11-21 10:10 | 2010-10-20 |
| 306059 | - | | g.rodola | pyftpdlib | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directo… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2009-5012 | 2024-11-21 10:10 | 2010-10-20 |
| 306060 | - | | g.rodola | pyftpdlib | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC… | CWE-362 Race Condition | CVE-2009-5011 | 2024-11-21 10:10 | 2010-10-20 |